Google's Threat Analysis Group (TAG) has published a blog post detailing a number of exploits in iOS that allowed hacked² websites to hack¹ into an iPhone simply if the iPhone visited the site.

谷歌威胁分析小组（TAG）在博客上详细介绍了一些iOS上的漏洞，iPhone只要访问被黑客入侵的网站，这些网站就能轻易黑进iPhone。

Once an iPhone did that, malware was installed on the device that allowed the hackers³ to monitor the iPhone's live location every 60 seconds as well as upload virtually any files from the iPhone—including iMessage and WhatsApp messages.

iPhone一旦访问这些网站，就会被安装恶意软件，黑客每隔60秒就能监控iPhone的实时位置，还可以从iPhone上上传任何文件，包括iMessage和WhatsApp的信息。

TAG says the exploit "may be one of the largest attacks against iPhone users ever." It reportedly affected⁴ iPhones running iOS 10 to iOS 12:

威胁分析小组称这个漏洞“可能是目前针对iPhone用户最大的一个威胁”，据称它会影响iPhone iOS 10到iOS 12的每个版本。

Working with TAG, we discovered exploits for a total of fourteen vulnerabilities across the five exploit chains: seven for the iPhone's web browser⁵, five for the kernel⁶ and two separate sandbox escapes. Initial analysis indicated that at least one of the privilege escalation⁷ chains was still 0-day and unpatched at the time of discovery.

我们和威胁分析小组合作发现五个攻击链中共有14个漏洞：其中7个针对iPhone的网络浏览器、5个针对内核，还有2个独立的沙箱逃逸。初步分析表明特权升级链中至少有一个仍然是零日漏洞（指被发现后立即被恶意利用的安全漏洞），而且发现以后没有进行修复。

There is some good news, however. First, an iPhone user had to visit one of the hacked websites in order for their iPhone to be infected. TAG did not specify⁸ which websites were hacked, but their report says the sites received "thousands of visitors per week," suggesting the sites received relatively⁹ minor¹⁰ traffic relative to the number of iPhones in the wild.

但也有好消息。首先iPhone用户需要访问一个被黑的网站才会被攻击，威胁分析小组并未具体说明哪些网站被黑了，但报告中称这些网站“每周有数千访问者”，相比iPhone的使用量来说这些网站的访问量只是很小一部分。

Further, even if the malware made it onto an iPhone, when a user restarted their iPhone, the malware would be wiped clean in most instances. Of course, news of any exploits in iOS isn't good—no matter how few users were impacted.

而且即使iPhone被安装了恶意软件，在大多数情况下用户重启手机后恶意软件都会被清理干净。当然任何关于iOS漏洞的消息都不是好消息，即使受影响人数很少。

The good news is that Apple acted quickly once TAG alerted them to the exploits. TAG says it contacted Apple about the exploits on February 1, 2019, and Apple fixed¹¹ all of the exploits just six days later with the release of iOS 12.1.4 on February 7, 2019.

好消息是威胁分析小组一提醒苹果公司漏洞的问题，他们就立刻采取了行动，威胁分析小组称在2019年2月1日就漏洞问题联系了苹果公司，该公司仅用6天就修复了所有漏洞，在2019年2月7日发布了iOS 12.1.4。